Skip to content

http: reject header contents with nul bytes#8601

Closed
bagder wants to merge 2 commits into
masterfrom
bagder/reject-http-zero
Closed

http: reject header contents with nul bytes#8601
bagder wants to merge 2 commits into
masterfrom
bagder/reject-http-zero

Conversation

@bagder
Copy link
Copy Markdown
Member

@bagder bagder commented Mar 16, 2022

They are not allowed by the protocol and allowing them risk that curl
misbehaves somewhere where c functions are used but won't work on the
full contents. Further, they are not supported by hyper and they cause
problems for the new comign headers API work.

Updated test 262 to verify.

@bagder
Copy link
Copy Markdown
Member Author

bagder commented Mar 16, 2022

I made it return CURLE_WEIRD_SERVER_REPLY, as it seemed the best available error code.

@bagder
http: reject header contents with nul bytes
d41351d 
They are not allowed by the protocol and allowing them risk that curl
misbehaves somewhere where c functions are used but won't work on the
full contents. Further, they are not supported by hyper and they cause
problems for the new coming headers API work.

This also makes hyper return the same thing for this error.

Updated test 262 to verify and enabled it for hyper as well

Closes #8601
@bagder bagder force-pushed the bagder/reject-http-zero branch from 2fb268d to d41351d Compare March 17, 2022 08:24
@bagder
revert the hyper return code to CURLE_UNSUPPORTED_PROTOCOL
394f3fd 
It was used for too many other cases as well
@bagder bagder closed this in 526e0ef Mar 17, 2022
@bagder bagder deleted the bagder/reject-http-zero branch March 17, 2022 09:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

HTTP tests

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bagder